version: 201911
You are the cloud administrator of a fictitious company named ESCloud. You have been tasked with setting up Openstack Environments for marketing and finance departments.
您是一家名为ESCloud的虚拟公司的云管理员。您的任务是为市场和财务部门设置Openstack环境。
The company has two departments, named marketing and finance. For each of the two departments create projects with details below:
该公司有两个部门,分别是市场部和财务部。为两个部门中的每个部门创建项目,其详细信息如下:
| Project Name: | marketing | finance |
|---|---|---|
| Description: | project for marketing | project for finance |
Marketing is managed by Roger and finance is managed by Frank. Both are going to be administrators of their respective projects. ESCloud has an engineer named James who will be a member of both departments. Create OpenStack user accounts for Roger, Frank and James with the data sheet below. For roles, please ensure that users only have the roles identified below - any additional default roles should be removed.
营销由罗杰(Roger)管理,财务由弗兰克(Frank)管理。两者都将成为各自项目的管理员。ESCloud拥有一个名为James的工程师,他将是两个部门的成员。使用以下数据表为Roger,Frank和James创建OpenStack用户帐户。对于角色,请确保用户仅具有以下标识的角色-应删除所有其他默认角色。
| User name: | roger | frank | james |
|---|---|---|---|
| Email: | @escloud.cn | @escloud.cn | @escloud.cn |
| Password: | rogerpass | frankpass | jamespass |
| Role/Project: | admin of marketing | admin of finance | Member of marketing (primary) and finance |
Management has imposed quotas of 3 VCPUs, 3072 MB of RAM and 3 Gigabytes of disk space (Total Size of Volumes and Snapshots (GB)) for marketing. For finance , quotas are 1 instance and 2 Gigabytes of disk space (Total Size of Volumes and Snapshots (GB)). For both groups, also set a maximum of 2 floating IPs and 2 security groups. Leave the OpenStack defaults for the rest.
管理层已为市场分配了3个VCPU,3072 MB RAM和3 GB磁盘空间(卷和快照总大小)的配额。对于财务而言,配额为1个实例和2 GB的磁盘空间(卷和快照的总大小(GB))。对于这两个组,还最多设置2个浮动IP和2个安全组。其余部分保留OpenStack默认值。
For initial tests the company will use a qcow2 image of Cirros, located at http://localhost:8090/mce100.img and named sharedimage. The image must be public so all projects can use it.
对于初始测试,该公司将使用位于http:// localhost:8090 / mce100.img并命名为sharedimage 的Cirros的qcow2图像。该图像必须是公共的,以便所有项目都可以使用它。
In addition to the default flavors that come with OpenStack, ESCloud has decided that it needs its own custom flavors for spawning instances using the shared image. Please create the following custom flavors.
除了OpenStack随附的默认样式外,ESCloud还决定它需要自己的自定义样式来使用共享映像生成实例。请创建以下自定义样式。
| Flavor name: | mflavor1 | mflavor2 | fflavor1 |
|---|---|---|---|
| VCPUs: | ⅓ of quota | ⅔ of quota | 1 |
| RAM: | ⅓ of quota | ⅔ of quota | 512 MB |
| Root Disk: | 1 GB | 2 GB | 1 GB |
| Ephemeral Disk: | 0 | 0 | 0 |
| Swap Disk: | 0 | 0 | 0 |
| Accessibility: | marketing | marketing | finance |
To enable access to the instance from the outside, ESCloud needs an external network. Create an external network with the following settings. ESCloud has decided that the ip range of 172.25.0.1 to 172.25.0.241 are reserved – ensure that they will not be used in this cluster and that DHCP is enabled for this network.
要从外部访问实例,ESCloud需要一个外部网络。使用以下设置创建一个外部网络。ESCloud已决定保留172.25.0.1到172.25.0.241的IP范围-确保它们不会在此群集中使用,并且已为此网络启用DHCP。
| name: | project | subnet name | network address | gateway | Provider Network Type | Physical Network | DHCP |
|---|---|---|---|---|---|---|---|
| public | admin | publicsubnet | 172.25.0.0/24 | 172.25.0.1 | Flat | public | Enabled |
备注: 本次测试网段:10.5.30.1-----10.5.30.15, 不分配网段10.5.30.1----10.5.30.5
Marketing tasks, please complete the following with the roger OpenStack account.
这里注意要切换租户和用户
ESCloud wants to ensure the instances in the marketing department can be accessed from outside via ping, web(http and https), and ssh. Create a security group msec (description:msec) with these rules.
ESCloud希望确保可以通过ping,web(http和https)和ssh从外部访问市场部门的实例。使用这些规则创建安全组msec(描述:msec)。
Create a keypair rogerkey and store the downloaded key(rogerkey.pem) in /tmp/ of the clab environment with permissions set to 600.
• Task 9: In order to boot instances, we need to create a network for marketing. Create a network with the following settings.
创建密钥对rogerkey并将下载的密钥(rogerkey.pem)存储在clab环境的/ tmp /中,权限设置为600。
•任务9:为了启动实例,我们需要创建一个营销网络。使用以下设置创建网络。
In order to boot instances, we need to create a network for marketing. Create a network with the following settings.
为了启动实例,我们需要创建一个营销网络。使用以下设置创建网络。
| name: | subnet name | network address | gateway |
|---|---|---|---|
| mnet | msubnet | 10.1.0.0/24 | 10.1.0.1 |
Create a router with name mrouter and connect mnet to public with it.
创建一个名称为mrouter的路由器,并将mnet连接到public。
| name: | flavor | keypair | network | image | Create New Volume | Sec Group |
|---|---|---|---|---|---|---|
| minstance1 | mflavor1 | rogerkey | mnet | sharedimage | No | msec |
| minstance2 | mflavor2 | rogerkey | mnet | sharedimage | No | msec |
Create two compute instances for marketing using the table below.
使用下表创建两个用于市场营销的计算实例。
| name: | flavor | keypair | network | image | Create New Volume | Sec Group |
|---|---|---|---|---|---|---|
| minstance1 | mflavor1 | rogerkey | mnet | sharedimage | No | msec |
| minstance2 | mflavor2 | rogerkey | mnet | sharedimage | No | msec |
Marketing needs these two instances to be accessible from the outside via specific ip addresses.
市场营销需要可以通过特定的ip地址从外部访问这两个实例。
| Floatingip: | 172.25.0.244 | 172.25.0.245 |
|---|---|---|
| Instance: | minstance1 | minstance2 |
Marketing needs to store important files on a volume so it will retain the data even if minstance1 is terminated. Create the volume with the name mvolume and 1GB size and attach it to minstance1.
市场营销需要将重要文件存储在一个卷上,因此即使minstance1终止,它也将保留数据。创建名称为mvolume且大小为1GB的卷,并将其附加到minstance1。
Test ping and ssh(as cirros) from the host to your marketing instances using keys via floating ips.
使用通过浮动ip的密钥,从主机到您的营销实例测试ping和ssh(作为cirros)。
Finance tasks, please complete the following with the frank OpenStack account using command line. (Important: If you are found to have completed the section below using Horizon/UI, you will forfeit points for the exam.)
这里注意要切换租户和用户
财务任务,请使用命令行使用坦率的OpenStack帐户完成以下操作。(重要提示:如果发现您已使用Horizon / UI完成了以下部分,则将丧失该考试的分数。)
We want to ensure the instances in the finance department can be accessed via ssh. Create a security group fsec with this rule.
我们希望确保可以通过ssh访问财务部门中的实例。使用此规则创建安全组fsec。
答案:
openstack security group create fsec --project finance --description fsec
openstack security group rule create --dst-port 22 --protocol tcp fsec
注意检查结果:
[root@openstack1 tmp]# openstack security group rule list msec --long
+--------------------------------------+-------------+-----------+------------+-----------+-----------+-----------------------+
| ID | IP Protocol | IP Range | Port Range | Direction | Ethertype | Remote Security Group |
+--------------------------------------+-------------+-----------+------------+-----------+-----------+-----------------------+
| 2f319d18-125b-4ffe-a79d-97f849a27ea4 | None | None | | egress | IPv4 | None |
| 4b5b209f-7bd2-4ca6-a9f4-91691eda9001 | icmp | 0.0.0.0/0 | | ingress | IPv4 | None |
| 64bb6b3f-f33f-4dd2-bdfa-98280124a84d | tcp | 0.0.0.0/0 | 80:80 | ingress | IPv4 | None |
| 9e75a6e3-29bb-4ff1-8eb9-5cef6a104bc4 | tcp | 0.0.0.0/0 | 443:443 | ingress | IPv4 | None |
| bb22abf6-af3e-499e-a75e-78d17bc2d773 | tcp | 0.0.0.0/0 | 22:22 | egress | IPv4 | None |
| d22144be-5938-40a0-a2b8-43d29406b56c | None | None | | egress | IPv6 | None |
| d3c29271-6a48-4b9a-af14-a67935454976 | tcp | 0.0.0.0/0 | 22:22 | ingress | IPv4 | None |
+--------------------------------------+-------------+-----------+------------+-----------+-----------+-----------------------+
Create a keypair named frankkey. Store this key with permissions set to 600 as /tmp/frankkey.pem folder of the exam environmentf
创建一个名为frankkey的密钥对。将此密钥(权限设置为600)存储为考试环境的/tmp/frankkey.pem文件夹。
答案:
openstack keypair create frankkey > /tmp/frankkey.pem
chmod 600 /tmp/frankkey.pem
Create a network fnet with a subnet fsubnet and IP range 10.2.0.0/24.
创建一个子网为fsubnet且IP范围为10.2.0.0/24的网络fnet。
答案:
openstack network create fnet --project finance
openstack subnet create fsubnet --network fnet --subnet-range 10.2.0.0/24
Create router frouter and connect fnet to public with it
创建路由器frouter并将其与fnet连接到公共
答案:
openstack router create --project finance frouter
openstack router set --external-gateway public
openstack router add subnet frouter fsubnet
Create the following instance:
| name: | flavor | keypair | network | image | Sec Group |
|---|---|---|---|---|---|
| finstance1 | fflavor1 | frankkey | fnet | sharedimage | fsec |
答案:
openstack server create finstance1 --flavor fflavor1 --key-name frankkey --network fnet --image sharedimage --security-group fsec
Assign the floating IP 172.25.0.247 to the finstance1
将浮动IP 172.25.0.247分配给finstance1
答案:
openstack floating ip create --floating-ip-address 10.5.30.13 public
openstack server add floating ip finstance1 10.5.30.13
Upload the file test.mov, which is located in /opt/stack/files/ on your clab environment, into a Swift container named Movies. Ensure that the object name is test.mov.
将文件ctest.mov(位于您的实验室环境中的/opt/stack/files/中)上传到名为Movies的Swift容器中。确保对象名称为test.mov。
答案:
source xxx-openrc.sh
cd /opt/stack/files/
swift upload Movies test.mov
Test the finance instance. Verify if you can ssh into the floating IP as user cirros with the key generated.
测试财务实例。验证是否可以使用生成的密钥作为用户cirros进入浮动IP。
答案:
ssh -i /tmp/frankkey.pem cirros@10.5.30.13
Finally, implement a policy change that allows only administrators to create volumes and networks.
最后,实施策略更改,仅允许管理员创建卷和网络。
答案:
是的,我知道最好使用webmock,但我想知道如何在RSpec中模拟此方法:defmethod_to_testurl=URI.parseurireq=Net::HTTP::Post.newurl.pathres=Net::HTTP.start(url.host,url.port)do|http|http.requestreq,foo:1endresend这是RSpec:let(:uri){'http://example.com'}specify'HTTPcall'dohttp=mock:httpNet::HTTP.stub!(:start).and_yieldhttphttp.shou
假设我在Store的模型中有这个非常简单的方法:defgeocode_addressloc=Store.geocode(address)self.lat=loc.latself.lng=loc.lngend如果我想编写一些不受地理编码服务影响的测试脚本,这些脚本可能已关闭、有限制或取决于我的互联网连接,我该如何模拟地理编码服务?如果我可以将地理编码对象传递到该方法中,那将很容易,但我不知道在这种情况下该怎么做。谢谢!特里斯坦 最佳答案 使用内置模拟和stub的rspecs,你可以做这样的事情:setupdo@subject=MyCl
在ruby中,你可以这样做:classThingpublicdeff1puts"f1"endprivatedeff2puts"f2"endpublicdeff3puts"f3"endprivatedeff4puts"f4"endend现在f1和f3是公共(public)的,f2和f4是私有(private)的。内部发生了什么,允许您调用一个类方法,然后更改方法定义?我怎样才能实现相同的功能(表面上是创建我自己的java之类的注释)例如...classThingfundeff1puts"hey"endnotfundeff2puts"hey"endendfun和notfun将更改以下函数定
我有一个gem,它有一个根据Rails.env的不同行为的方法:defself.envifdefined?(Rails)Rails.envelsif...现在我想编写一个规范来测试这个代码路径。目前我是这样做的:Kernel.const_set(:Rails,nil)Rails.should_receive(:env).and_return('production')...没关系,只是感觉很丑。另一种方法是在spec_helper中声明:moduleRails;end而且效果也很好。但也许有更好的方法?理想情况下,这应该有效:rails=double('Rails')rails.sho
我有一个rspec模拟对象,一个值赋给了属性。我正在努力在我的rspec测试中满足这种期望。只是想知道语法是什么?代码:defcreate@new_campaign=AdCampaign.new(params[:new_campaign])@new_campaign.creationDate="#{Time.now.year}/#{Time.now.mon}/#{Time.now.day}"if@new_campaign.saveflash[:status]="Success"elseflash[:status]="Failed"endend测试it"shouldabletocreat
我正在尝试测试命令行工具的输出。如何使用rspec来“伪造”命令行调用?执行以下操作不起作用:it"shouldcallthecommandlineandreturn'text'"do@p=Pig.new@p.should_receive(:run).with('my_command_line_tool_call').and_return('resulttext')end如何创建stub? 最佳答案 使用newmessageexpectationsyntax:规范/虚拟规范.rbrequire"dummy"describeDummy
我有一个或多或少这样的场景classAdefinitialize(&block)b=B.new(&block)endend我正在对A类进行单元测试,我想知道B#new是否正在接收传递给A#new的block。我使用Mocha作为模拟框架。这可能吗? 最佳答案 我用Mocha和RSpec都试过了,虽然我可以通过测试,但行为不正确。从我的实验中,我得出结论,验证block是否已通过是不可能的。问题:为什么要传递一个block作为参数?block将用于什么目的?什么时候调用?也许这确实是您应该用类似的东西测试的行为:classBlockP
我目前正在将一种算法从Java转换为Ruby,但由于Ruby中缺少整数溢出,我遇到了一些障碍。假设我的值为2663860877,它大于最大整数2147483648。在Java中,它环绕,我应该得到-1631106419。我找到了这段代码,但它似乎不起作用:defforce_overflow(i)ifi2147483647i&0xffffffffelseiendend并且'ing变量不会像您期望的那样强制它为负。 最佳答案 假设32位整数具有二进制补码负数,这应该可行:defforce_overflow_signed(i)force_
我有一个命令行应用程序,它使用thor来处理选项的解析。我想使用test-unit和/或minitest针对代码对命令行功能进行单元测试。我似乎无法弄清楚如何确保ARGV数组(通常会保存命令行中的选项)保存我的测试选项,以便它们可以根据代码进行测试。具体应用代码:#myapp/commands/build.rbrequire'thor'moduleMyappmoduleCommands#DefinebuildcommandsforMyAppcommandlineclassBuild:test_unit#Definesourcerootofapplicationdefself.sourc
我想显示一个计数中使用的SQL。但是,Model.count.to_sql将不起作用,因为count返回一个没有to_sql方法的FixNum。我认为最简单的解决方案是这样做:Model.where(nil).to_sql.sub(/SELECT.*FROM/,"SELECTCOUNT(*)FROM")这会创建与Model.count中使用的SQL相同的SQL,但它是否会导致进一步的问题?例如,如果我添加一个复杂的where子句和一些连接。有更好的方法吗? 最佳答案 你可以试试Model.select("count(*)asmode